|
Microsoft
Windows Vulnerablities |
There are two recent issues regarding exploits
of computers running unpatched versions
of the Microsoft Windows operating system.
These exploits only affect Windows NT, XP, 2000, and 2003 Server.
As with these and other vulnerablities the best advice is to update your Windows
regularly, no matter what version, using the built in Windows Update feature or by
going to
Microsoft's Windows
Update and
install an antivirus software on your computer and keep it up to date.
Blaster Virus RPC Exploit:
The first issue, that we have seen an increased number of cases of and has moved to
the top of threat lists, is a worm called
the Blaster worm (a.k.a. Lovsan) that exploits
the Remote Procedure Call (RPC) vulnerability in computers running Microsoft Windows
operating systems. We have seen some customers get the following message which
indicates an attack:
"System Shutdown" with the text:
This system is shutting down. Please save all work in progress
and log off. Any unsaved changes will be lost. This shutdown
was initiated by NT AUTHORITY\SYSTEM
Time before shutdown: 00:00:59
Message:
Windows must now restart because the Remote Procedure Call
(RPC) service terminated unexpectedly
See the Symantec's Blaster worm page for a removal tool and more
information about the worm. This Symantec site has more information about the
vulnerablity and update information:
Symantec Security Response site
If you have difficulty reaching the windows update site, you may download this fix
from
our server.
Windows 2000
Windows NT
Windows XP
Save the file to your computer (either Desktop or My Documents folder) and once the file is downloaded, disconnect from the
internet and run the file. Once the file is finished patching your computer, you'll need to restart your computer (you'll be
prompted to do so).
Once your computer is rebooted, you should run a full system scan with your anti-virus software (Norton AntiVirus, McAfee
VirusShield, etc.) with the latest virus updates (you may have to connect to the internet and get the updates) to ensure that
you don't have the virus lurking on your computer that could infect someone else.
This exploit is further documented at the
Department of Homeland Security's site.
Welchia Virus Windows Exploit:
The second issue that we have seen increased reports of, is closely related
to the Blaster Worm, and that has moved to the top of
threat lists is the W32.Welchia.Worm.
More information about this virus is available at Symantec's web site by clicking
here.
For more information about security, viruses, scams, and hoaxes see the Centex
Technical Support site.
|
|
